The scrubbing process will cause PF to drop any incomin packets with illegal TCP flag combinations(such as SYN+FIN).It happened before pass and block.
>Define a filter to drop the packets with SYN+FIN flags set. > >Mihai > jeff wrote: >> Sean Knox wrote: >> >>> <tcpdump logs and pf.conf snipped> >>> >>> The only people who can help is your ISP. Talk to them and hopefully >>> they can trace the attack upstream. >> >> >> I once added this to pf.conf to mitigate a DDoS. It appeared to have >> worked, but it may have been a placebo effect ;) ---- iGENUS is a free webmail interface, NO fee, download --------------------------------------------------------- please visit http://www.qmail.org
